From cb37d895a6b97e294aa838f85227d29892f4e11e Mon Sep 17 00:00:00 2001
From: Loganathan Parthipan
Date: Thu, 29 Sep 2011 16:41:49 +0100
Subject: Improve access check on images
Makes sure that users can delete only their own images, snapshots. Enable listing of all images, both private which are owned and the public ones. Only list the private images/snapshots for the owner and admin users. Fixes bug 863305
Change-Id: I7326ec4a99158c8db5319f2397c99c5a89be2cb5
---
 nova/tests/image/test_glance.py | 44 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)
(limited to 'nova/tests')
diff --git a/nova/tests/image/test_glance.py b/nova/tests/image/test_glance.py
index c592b4888..aaf7a5d06 100644
--- a/nova/tests/image/test_glance.py
+++ b/nova/tests/image/test_glance.py
@@ -272,6 +272,24 @@ class TestGlanceImageService(test.TestCase):
 self.assertDictMatch(meta, expected)
 i = i + 1
 
+ def test_index_private_image(self):
+ fixture = self._make_fixture(name='test image')
+ fixture['is_public'] = False
+ properties = {'owner_id': 'proj1'}
+ fixture['properties'] = properties
+
+ image_id = self.service.create(self.context, fixture)['id']
+
+ proj = self.context.project_id
+ self.context.project_id = 'proj1'
+
+ image_metas = self.service.index(self.context)
+
+ self.context.project_id = proj
+
+ expected = [{'id': 'DONTCARE', 'name': 'test image'}]
+ self.assertDictListMatch(image_metas, expected)
+
 def test_detail_marker(self):
 fixtures = []
 ids = []
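Review bot: test_index_private_image asserts only the allowed case: with `project_id` set to 'proj1' the private image is listed, but nothing shows that a context for a different project gets no entry back from `self.service.index`. Since the commit message promises that private images are listed only for the owner and admins, a second check under a non-owning project id, for example `self.assertEquals(0, len(self.service.index(self.context)))`, would pin the denial path. The fixture here records the owner under `'owner_id'`, while test_delete_not_by_owner in the next hunk uses `'project_id'`; the service code is not part of this diff, so confirm each test sets the key its check actually reads. `image_id` is assigned but never used.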
@@ -380,6 +398,32 @@ class TestGlanceImageService(test.TestCase):
 num_images = len(self.service.index(self.context))
 self.assertEquals(1, num_images)
 
+ def test_delete_not_by_owner(self):
+ # this test is only relevant for deprecated auth mode
+ self.flags(use_deprecated_auth=True)
+
+ fixture = self._make_fixture(name='test image')
+ properties = {'project_id': 'proj1'}
+ fixture['properties'] = properties
+
+ num_images = len(self.service.index(self.context))
+ self.assertEquals(0, num_images)
+
+ image_id = self.service.create(self.context, fixture)['id']
+ num_images = len(self.service.index(self.context))
+ self.assertEquals(1, num_images)
+
+ proj_id = self.context.project_id
+ self.context.project_id = 'proj2'
+
+ self.assertRaises(exception.NotAuthorized, self.service.delete,
+ self.context, image_id)
+
+ self.context.project_id = proj_id
+
+ num_images = len(self.service.index(self.context))
+ self.assertEquals(1, num_images)
+
 def test_show_passes_through_to_client(self):
 fixture = self._make_fixture(name='image1', is_public=True)
 image_id = self.service.create(self.context, fixture)['id']
-- cgit
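Review bot: test_delete_not_by_owner pins the refusal only under `use_deprecated_auth=True`, and its comment does not say why the other auth mode needs no equivalent test. If delete is meant to be owner-only in both modes, the non-deprecated path is unverified here; if enforcement happens elsewhere in that mode, a comment such as `# with non-deprecated auth the ownership check is not done in this service` (wording to be confirmed against the service code, which is outside this diff) would record that. The fixture leaves `is_public` at whatever `_make_fixture` defaults to, so setting it explicitly would make clear whether the refusal is being tested for a public or a private image. `self.context.project_id` is restored by hand after `assertRaises`; a `try`/`finally` around the switch keeps the context correct if the assertion fails.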